What annoys me is that we have had thin clients for decades: using remotely hosted software has been mature for as long as I can remember. VT100 emulation even works across a modem link. Want a GUI? the X Window system has been around for over a decade as well.
I like the Lynx browser: it uses external programs for also most everything. Even things like YouTube can work if you hand off the.flv to a video player. Browsers should not be acting as an OS replacements with their own schedulers. IMO, browsers should not be handling client-side scripting at all: hand that Java Applet off to an interpreter.
I think floppy drives have a hardware interlock that cannot be overridden by software. Even though I was aware the write-protect tab in SD cards has no electrical connection, I assumed SD card readers were the same. I suppose a "write enable" pin on the card would be required for a hardware interlock. An electrical connection inside the card would be tricky (read more expensive, less reliable) to implement.
Anyway, I am responding to this post to let Mathinker know I responded to my original post with new information. (Some USB drives have write-protect tabs)
They know approximately when the RSA algorithm is being processed because they send a challenge message to the machine.
You raise a valid point about the corruption of other processes. Erroneous results are not likely to cause those processes to quit as far as I know. They will simply produce "wrong" results, making the attack detectable.
The attack is specialized for another reason: They put the entire system on a FPGA. This attack won't work for a server or workstation (with a case intrusion sensor) because the switch-mode power supply will draw extra current to compensate for low line voltage. This may be useful for things like cracking High Definition Content Protection (encrypts the signal between displays) for example (unless they use a chip resistant to the attack).
This comment bugs me. When the "piracy" rate increases, the execs conclude the DRM wasn't harsh enough. The correct solution is for people to vote with their wallet and free time by not playing the game at all. If both sales and piracy drop, the only conclusion is that people are avoiding the game. The only question remains: are bad reviews or DRM the cause?
I am considering sending a paper, bilingual letter to Ubisoft explaining why I don't play their games. Historically, the problem was steep hardware requirements. I was blissfully unaware of DRM and its chilling effects. I am now reluctant to buy new hardware because most recent video cards implement things like HDMI, which in turn implements High Definition Content Protection (encrypts video signal from your machine to the display).
When I told my brother to avoid Assassin's Creed 2 (or any recent Ubisoft game) he pointed out he doesn't have any Ubisoft games. This is the person who bought Spore and the DLC (Ugly and cute) despite my objections with the DRM. I can honestly say I am the only person in the family remotely interested in Ubisoft games. I also won't touch them if they implement DRM. I have been using GNU/Linux for 10 years. DRM (like disk checks) tend to make the games less reliable when run under WINE. "Phone-home" checks like Valve's Steam and Ubisoft's Online Services Platform are likely to work, but I also refuse to buy games that do "phone home" DRM checks. It is bad enough that you want me to run a binary without access to the source code. Relying on the goodwill (and continued existence) of the company is a red flag for me (that is to say, it may be justified for a MMORPG or similar).
Re:This explains a lot.
on
Window Pain
·
· Score: 1
So that's why my dad doesn't like decaf.
Re:Firefox + NoScript + Adblock Plus + FlashBlocke
on
Window Pain
·
· Score: 0, Offtopic
I'm no gamer, but I am starting to think that games are not a valid reason for staying with Windows: If it doesn't work under WINE, the game is probably trying to use some kind of intrusive DRM. From that point on, the Windows machine can not be trusted: you essentially have to treat it like a console. If you are treating you computer like a console, just get a console instead!
Re:Firefox + NoScript + Adblock Plus + FlashBlocke
on
Window Pain
·
· Score: 1
You don't need to install any Plug-ins to avoid the more obnoxious ADs: simply disable client-side scripting and don't install Flash/Silverlight in the first place. It has always struck be a strange that you are supposed to install plug-ins for extra functionality, then even more plug-in to "roll-back" that extra functionality.
I understand the "Firefox + NoScript + Adblock Plus + FlashBlocker" method allows you to whitelist certain sites. However, some web-sites prohibit AD blocking software as part of their Terms Of Service. If you don't install the plug-ins in the first place, you are not blocking the ADs. Your browser is simply incapable of displaying them! Sure a few "fringe" site like YouTube and Ubisoft won't work, but they obviously don't want your business anyway.
They do not need to time the attack for when the computation is underway. The CPU automatically uses more power during the computation, causing the errors the researchers are interested in.
To make this attack possible, faults with the characteristics de-
scribed must be injected in the attacked microprocessor. For this
purpose, we exploit a circuit-level vulnerability common in micro-
processor design: multiplier circuits tend to be fairly complex, and
much effort has been dedicated to developing high performance
multipliers, that is, multipliers with short critical path delays. Even
so, often the critical path of a microprocessor system goes through
the multiplier circuit [12]. If environmental conditions (such as
high temperatures or voltage manipulation by an attacker) slow
down the signal propagation in the system, it is possible that signals
through the critical path do not reach their corresponding registers
or latches before the next clock cycle begins. In such situations,
one of the first units to fail in computing correct results tends to
be the multiplier, because its "margin" of delay is minimal. Note
that not all multiplications would be erroneous, only those which
required values generated through the critical path.
I didn't really notice. That said, I don't have flash installed and JavaScript is disabled. I you want to control your computer while web-browsing, you should disable Client-side scripting as well.
Since you mentioned it, I looked at the page again. About a third the space is devoted to banner ADs.
Well, I reloaded the cited page with JavaScript enabled: still no "super Digital" cards listed. I see the following: CFast Cards, Secure Digital Cards, High Capacity SD Cards, MicroSD Cards, MicroSDHC, CompactFlash Cards, I-Temp CF Cards, and MiniSD Cards. All the 'SD' cards use the "Secure Digital" logo.
Super Talent Secure Digital card also provides security feature called Content Protection for Recordable Media (CPRM), which enables a new distribution system for music and other commercial media and assures a high level of protection against illegal copying.
If it makes you feel any better I am thinking of trying MMC cards to see it the problems I have experienced with SD cards are simply due to Crappy card readers. Very few are actually USB certified. Even some that have the logo don't appear to be on the list. I am going to have to investigate whether is is possible to certify a card reader implementing CPRM (because it breaks the generic mass storage device driver). If is possible that the certified devices are only tested with CF or MMC cards.
I have no idea what you are talking about. My guess is 'WP' refers to "Washington Post." To use the 'SD' logo, the cards must implement the DRM:
Having a proven record in DVD, this (CPRM) is enhanced in SD memory cards through the use of "key revocation" technology built into each card.
The card's control circuitry allows data to be read and written (in its protection area) only when appropriate external devices are detected. A check-out (copying) from a PC to the SD memory card is restricted to three copies in compliance with the SDMI specification. All SD-Audio products comply with SDMI.
The SD card copyright protection function has the following features:
Access to an SD memory card must be enabled by authentication between devices
random number is generated each time there is mutual authentication and exchange of security information
I don't find DRM'd cards trustworthy because they are designed to fail in sometimes unpredictable ways. My storage devices have no knowledge of copyright laws, so should not try to enforce them when I am trying to boot from a "known good" filesystem!
I just hope the upcoming Universal Flash Storage (UFS) is a viable floppy replacement. I am not optimistic, as if I had read the proposed standard, I would not be allowed to provide you with that link.
Trojans are easy enough to get rid of with: # dd if=/dev/zero of=/dev/sda Where/dev/sda is your flash device.
Disable Client-side scripting like Javascript. Don't install Flash and Silverlight plug-ins. If a website does not work, they are probably not worth the time of day.
You obviously didn't understand my objection to "Secure Digital" cards: If it includes DRM, I can't trust it. I don't look forward to having to buy surplus servers just to avoid HDMI with HDCP built in.
Servers probably still use floppy drives because there is still no viable floppy replacement.
USB keys don't have write-protect tabs, so you have to be careful plugging into a compromised box.
SD Cards use a form of DRM called Copy Protection for Recordable Media. This means that you can not create a "kown good" filesystem image because your Card may refuse to talk to the card reader (you filthy pirate!).
CD-ROM disks are either Write-once or not write-protected. This makes making small changes to the boot image difficult (requiring a new disk).
Yes, I do use a floppy: my home router is running from a write-protected floppy disk. I am not sure if I can keep using a floppy disk in the transition to IPv6. The 2.6.x Linux kernel doesn't really fit on a floppy disk.
I am annoyed mainly because many web-hosting companies have similar restrictions.
Though, I suspect in that in many cases it is mainly a bandwidth issue: it is harder to over-sell bandwidth if you use a server and protocol that allows you to stay just under the limit. For example, you are allowed "unlimited" bandwidth and storage, so long as your website looks like a "normal" web-site without too many pictures or (now) non-standard protocols like gopher.
That said, one web-host I looked at prohibited even linking to "torrent" sites. After I asked for clarification, they confirmed that included the Debian website with its.torrent files. I suspect this is prompted by the fear of legal liability.
The more you pay, the fewer restrictions you have. At $300-$1000(base rate x3 due to indemnity clauses) per hour, lawyer fees quickly add up. I think many webhosts have decided to prohibit anything "weird" for their budget accounts.
The Windows based netbooks require a spinning disk to keep costs down. The problem is that these spinning disks have less performance than desktop drives from 10 years ago.
Yes, It may be true that at this point in history, P2P protocols (like bittorrent) are often used of infringing uses. However non-infringing uses will not be able to develop without he ability to experiment. I have been hoping the move to IPv6 may put an end to silly filtering (the average user is not allowed to host a server for some reason). But, I suspect the filters will be quickly adapted so they work just fine on IPv6.
But.. P2P protocols have significant non-infringing uses. The IP protocol itself is P2P. Filtering on protocol is stupid IMO. Do you block gopher, FTP and Usenet as well?
My friend is busy with school, and has not commented yet. As I don't know how much I should disclose, I will talk about the tow vehicle.
Now, I said you can not use these to increase the tow capacity of the tow vehicle. You responded by pointing out trailers can be designed to reduce the direct load on the tow vehicle (my proposed over-capacity solution is a convoluted, possibly dangerous 3-wheeled design).
You then complain that the average car cannot put out maximum horsepower for an extended period of time. Not being mechanically inclined, I am not sure how true that is. The manual for my car suggests reduced speeds when towing.
You know what a small, automatic car does climbing a (short, steep) hill at highway speed? The engine cannot supply enough power to keep the speed up (even with extra gas). The RPMs drop, and the car shifts into a lower gear! If you are traveling slow enough it may even down-shift twice. I suppose your point is high RPMs increase the transmission temperature and can lead to failure. The manual for my car does mention an optional transmission cooler.
I guess my point is your proposed solutions appear to move the problems of overcapacity towing from the rear axle to the drive-train.
tl;dr: Patient: "Doctor, it hurts when I do this."
I have a friend who had a similar idea (and hopes to build/patent it).
I pointed out you can't increase the load rating of the tow vehicle using this method. During emergency braking, much of the weight of the trailer will be shifted onto the rear axle of the tow vehicle.
My friend then pointed out the other benefits you mention.
I found the footnote where they invoke the name of the W3C to justify patents interesting:
Software interoperability standards such as those promulgated by the World Wide Web Consortium (w3c) and the Internet Engineering Task Force (IETF) are necessary to enable the important uses of software, supra at 18-23, which require acquisition and assimilation of data from numerous heterogeneous sources. With the advent of patent protection for software, firms are able to selectively license innovations on favorable terms to the community of standards users, thus encouraging other firms to participate in and adopt standards.
The main point of the Brief seems to be that the test for patentability should not rely on an arbitrary method of implementation. The Brief explicitly states that it relies on the US constitution that says that advances in the "useful arts" (technology) are patentable. As such, many of the claims may not apply in other jurisdictions such as my own. From the brief:
Patenting technological inventions promotes innovation. No sound patent policy supports protection for non-technological processes, including non-technological business methods.
- Page 7.8 of Brief (pages 20,21 of pdf)
I supposed if the scope of software patents is limited enough such that entire fields of innovation are not cut-off (a patent on Morse code was used as an example), I suppose they can't do to much harm.
INAL, and don't know enough about Tex to answer directly, but I believe TeX may be "prior art" under the following conditions:
The choice of font/formatting must be stored in a separate file, or there must be a documented option of doing this.
The above functionality must have been implemented and documented since before the patent was filed (June 2, 1994).
If the developers learned of the concept of "separating content from formatting" from: Michel J. M. G. Vulpe or Stephan P. Owens of Toronto, Canada, documentation may be needed from June 2, 1993 or earlier.
I have come up with a partial work-around to get the media to actually consider the issue:
Watch you favorite news broadcast.
Note external Video sources like YouTube and Google earth.
Watch for how these sources are used/acknowledged. Are they just using a screen shot, or do they have permission?
Go to the original source and read their "Terms of Service". Got to the "IP licensing" section of the site if necessary.
Send a friendly note with the data you collected to the producer. Note that while allowed under fair use, proposed copyright reform provisions (like giving web-site terms the force of law) may open them up to liability.
???
Profit from sane copyright laws.
I have actually done this on one occasion. I sent feedback on the local CBC (Edmonton) web-site pointing out that the YouTube TOS prohibited filming the screen (as was done for a story about a YouTube Video). The proposed legislation I read (forget if it was C-60 or C-61) actually had a section saying web-site terms take precedence over the rest of the law. I think with reforms such as that, the media is open to larger liability than individual file-sharers.
One potential draw-back of such a campaign is that the media may just "license" the work or make it hard to determine if the video is a screen-shot. Such behavior would miss the point entirely.
Slashdot Mirror
What annoys me is that we have had thin clients for decades: using remotely hosted software has been mature for as long as I can remember. VT100 emulation even works across a modem link. Want a GUI? the X Window system has been around for over a decade as well.
I like the Lynx browser: it uses external programs for also most everything. Even things like YouTube can work if you hand off the .flv to a video player. Browsers should not be acting as an OS replacements with their own schedulers. IMO, browsers should not be handling client-side scripting at all: hand that Java Applet off to an interpreter.
Don't get me started on the "pixel perfect" cult.
I think floppy drives have a hardware interlock that cannot be overridden by software. Even though I was aware the write-protect tab in SD cards has no electrical connection, I assumed SD card readers were the same. I suppose a "write enable" pin on the card would be required for a hardware interlock. An electrical connection inside the card would be tricky (read more expensive, less reliable) to implement.
Anyway, I am responding to this post to let Mathinker know I responded to my original post with new information. (Some USB drives have write-protect tabs)
Chuck Swiger on the freebsd-questions mailing list pointed out that some USB flash drives have write-protect switches:
PQI U339H 8GB Flash Drive (USB2.0 Portable) Model BB18-8039R0151 - Retail
They know approximately when the RSA algorithm is being processed because they send a challenge message to the machine.
You raise a valid point about the corruption of other processes. Erroneous results are not likely to cause those processes to quit as far as I know. They will simply produce "wrong" results, making the attack detectable.
The attack is specialized for another reason: They put the entire system on a FPGA. This attack won't work for a server or workstation (with a case intrusion sensor) because the switch-mode power supply will draw extra current to compensate for low line voltage. This may be useful for things like cracking High Definition Content Protection (encrypts the signal between displays) for example (unless they use a chip resistant to the attack).
This comment bugs me. When the "piracy" rate increases, the execs conclude the DRM wasn't harsh enough. The correct solution is for people to vote with their wallet and free time by not playing the game at all. If both sales and piracy drop, the only conclusion is that people are avoiding the game. The only question remains: are bad reviews or DRM the cause?
I am considering sending a paper, bilingual letter to Ubisoft explaining why I don't play their games. Historically, the problem was steep hardware requirements. I was blissfully unaware of DRM and its chilling effects. I am now reluctant to buy new hardware because most recent video cards implement things like HDMI, which in turn implements High Definition Content Protection (encrypts video signal from your machine to the display).
When I told my brother to avoid Assassin's Creed 2 (or any recent Ubisoft game) he pointed out he doesn't have any Ubisoft games. This is the person who bought Spore and the DLC (Ugly and cute) despite my objections with the DRM. I can honestly say I am the only person in the family remotely interested in Ubisoft games. I also won't touch them if they implement DRM. I have been using GNU/Linux for 10 years. DRM (like disk checks) tend to make the games less reliable when run under WINE. "Phone-home" checks like Valve's Steam and Ubisoft's Online Services Platform are likely to work, but I also refuse to buy games that do "phone home" DRM checks. It is bad enough that you want me to run a binary without access to the source code. Relying on the goodwill (and continued existence) of the company is a red flag for me (that is to say, it may be justified for a MMORPG or similar).
So that's why my dad doesn't like decaf.
I'm no gamer, but I am starting to think that games are not a valid reason for staying with Windows: If it doesn't work under WINE, the game is probably trying to use some kind of intrusive DRM. From that point on, the Windows machine can not be trusted: you essentially have to treat it like a console. If you are treating you computer like a console, just get a console instead!
You don't need to install any Plug-ins to avoid the more obnoxious ADs: simply disable client-side scripting and don't install Flash/Silverlight in the first place. It has always struck be a strange that you are supposed to install plug-ins for extra functionality, then even more plug-in to "roll-back" that extra functionality.
I understand the "Firefox + NoScript + Adblock Plus + FlashBlocker" method allows you to whitelist certain sites. However, some web-sites prohibit AD blocking software as part of their Terms Of Service. If you don't install the plug-ins in the first place, you are not blocking the ADs. Your browser is simply incapable of displaying them! Sure a few "fringe" site like YouTube and Ubisoft won't work, but they obviously don't want your business anyway.
They do not need to time the attack for when the computation is underway. The CPU automatically uses more power during the computation, causing the errors the researchers are interested in.
- Fault-Based Attack of RSA Authentication, Page 3, Section 4.
I didn't really notice. That said, I don't have flash installed and JavaScript is disabled. I you want to control your computer while web-browsing, you should disable Client-side scripting as well.
Since you mentioned it, I looked at the page again. About a third the space is devoted to banner ADs.
Well, I reloaded the cited page with JavaScript enabled: still no "super Digital" cards listed. I see the following: CFast Cards, Secure Digital Cards, High Capacity SD Cards, MicroSD Cards, MicroSDHC, CompactFlash Cards, I-Temp CF Cards, and MiniSD Cards. All the 'SD' cards use the "Secure Digital" logo.
- http://www.supertalent.com/products/sd_detail.php?series=Secure Digital Cards
If it makes you feel any better I am thinking of trying MMC cards to see it the problems I have experienced with SD cards are simply due to Crappy card readers. Very few are actually USB certified. Even some that have the logo don't appear to be on the list. I am going to have to investigate whether is is possible to certify a card reader implementing CPRM (because it breaks the generic mass storage device driver). If is possible that the certified devices are only tested with CF or MMC cards.
I have no idea what you are talking about. My guess is 'WP' refers to "Washington Post." To use the 'SD' logo, the cards must implement the DRM:
- http://www.sdcard.org/developers/tech/
I don't find DRM'd cards trustworthy because they are designed to fail in sometimes unpredictable ways. My storage devices have no knowledge of copyright laws, so should not try to enforce them when I am trying to boot from a "known good" filesystem!
I just hope the upcoming Universal Flash Storage (UFS) is a viable floppy replacement. I am not optimistic, as if I had read the proposed standard, I would not be allowed to provide you with that link.
Trojans are easy enough to get rid of with: # dd if=/dev/zero of=/dev/sda /dev/sda is your flash device.
Where
Disable Client-side scripting like Javascript. Don't install Flash and Silverlight plug-ins. If a website does not work, they are probably not worth the time of day.
You obviously didn't understand my objection to "Secure Digital" cards: If it includes DRM, I can't trust it. I don't look forward to having to buy surplus servers just to avoid HDMI with HDCP built in.
Servers probably still use floppy drives because there is still no viable floppy replacement.
Yes, I do use a floppy: my home router is running from a write-protected floppy disk. I am not sure if I can keep using a floppy disk in the transition to IPv6. The 2.6.x Linux kernel doesn't really fit on a floppy disk.
I am annoyed mainly because many web-hosting companies have similar restrictions.
Though, I suspect in that in many cases it is mainly a bandwidth issue: it is harder to over-sell bandwidth if you use a server and protocol that allows you to stay just under the limit. For example, you are allowed "unlimited" bandwidth and storage, so long as your website looks like a "normal" web-site without too many pictures or (now) non-standard protocols like gopher.
That said, one web-host I looked at prohibited even linking to "torrent" sites. After I asked for clarification, they confirmed that included the Debian website with its .torrent files. I suspect this is prompted by the fear of legal liability.
The more you pay, the fewer restrictions you have. At $300-$1000(base rate x3 due to indemnity clauses) per hour, lawyer fees quickly add up. I think many webhosts have decided to prohibit anything "weird" for their budget accounts.
Maybe that's because they all run windows now.
The Windows based netbooks require a spinning disk to keep costs down. The problem is that these spinning disks have less performance than desktop drives from 10 years ago.
Okay, I saw some of your responses.
Yes, It may be true that at this point in history, P2P protocols (like bittorrent) are often used of infringing uses. However non-infringing uses will not be able to develop without he ability to experiment. I have been hoping the move to IPv6 may put an end to silly filtering (the average user is not allowed to host a server for some reason). But, I suspect the filters will be quickly adapted so they work just fine on IPv6.
But.. P2P protocols have significant non-infringing uses. The IP protocol itself is P2P. Filtering on protocol is stupid IMO. Do you block gopher, FTP and Usenet as well?
My friend is busy with school, and has not commented yet. As I don't know how much I should disclose, I will talk about the tow vehicle.
Now, I said you can not use these to increase the tow capacity of the tow vehicle. You responded by pointing out trailers can be designed to reduce the direct load on the tow vehicle (my proposed over-capacity solution is a convoluted, possibly dangerous 3-wheeled design).
You then complain that the average car cannot put out maximum horsepower for an extended period of time. Not being mechanically inclined, I am not sure how true that is. The manual for my car suggests reduced speeds when towing.
You know what a small, automatic car does climbing a (short, steep) hill at highway speed? The engine cannot supply enough power to keep the speed up (even with extra gas). The RPMs drop, and the car shifts into a lower gear! If you are traveling slow enough it may even down-shift twice. I suppose your point is high RPMs increase the transmission temperature and can lead to failure. The manual for my car does mention an optional transmission cooler.
I guess my point is your proposed solutions appear to move the problems of overcapacity towing from the rear axle to the drive-train.
tl;dr: Patient: "Doctor, it hurts when I do this."
Doctor: "Stop doing that."
I have a friend who had a similar idea (and hopes to build/patent it).
I pointed out you can't increase the load rating of the tow vehicle using this method. During emergency braking, much of the weight of the trailer will be shifted onto the rear axle of the tow vehicle.
My friend then pointed out the other benefits you mention.
I found the footnote where they invoke the name of the W3C to justify patents interesting:
Software interoperability standards such as those promulgated by the World Wide Web Consortium (w3c) and the Internet Engineering Task Force (IETF) are necessary to enable the important uses of software, supra at 18-23, which require acquisition and assimilation of data from numerous heterogeneous sources. With the advent of patent protection for software, firms are able to selectively license innovations on favorable terms to the community of standards users, thus encouraging other firms to participate in and adopt standards.
Emphasis in original (page 29, 42 in pdf). I don't think that is the purpose of the W3C's patent policy, which states that any patented methods described in w3c standards must be freely licensed. The W3C makes recommendations based on common industry practice. IBM's interpretation implies that Patents must be used to rigorously impose standards as is done by: 3D-3C, LLC, DVD Format/Logo Licensing Corporation, 4C Entity, Digital Content Protection LLC, and Digital Transmission Licensing Administrator.
The main point of the Brief seems to be that the test for patentability should not rely on an arbitrary method of implementation. The Brief explicitly states that it relies on the US constitution that says that advances in the "useful arts" (technology) are patentable. As such, many of the claims may not apply in other jurisdictions such as my own. From the brief:
Patenting technological inventions promotes innovation. No sound patent policy supports protection for non-technological processes, including non-technological business methods.
- Page 7.8 of Brief (pages 20,21 of pdf)
I supposed if the scope of software patents is limited enough such that entire fields of innovation are not cut-off (a patent on Morse code was used as an example), I suppose they can't do to much harm.
INAL, and don't know enough about Tex to answer directly, but I believe TeX may be "prior art" under the following conditions:
In my opinion, yes.
Back to HTML 3.2 for US websites!
I have come up with a partial work-around to get the media to actually consider the issue:
I have actually done this on one occasion. I sent feedback on the local CBC (Edmonton) web-site pointing out that the YouTube TOS prohibited filming the screen (as was done for a story about a YouTube Video). The proposed legislation I read (forget if it was C-60 or C-61) actually had a section saying web-site terms take precedence over the rest of the law. I think with reforms such as that, the media is open to larger liability than individual file-sharers.
One potential draw-back of such a campaign is that the media may just "license" the work or make it hard to determine if the video is a screen-shot. Such behavior would miss the point entirely.